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DETAILED ACTION 
Response to Amendment 

1. Applicant's amendment filed 03 February 2006 amends claims 1-3, 9, 10, 20, and 29. 
Applicant's amendment has been fully considered and entered. The amendments to claims 
effectively change the means elements of the claims to sections performing the same 
functionality of the previously claimed means elements. Therefore, the previous claim reject^o/vS 
apply because the claimed functionality has not changed. 

Response to Arguments 

2. Applicant's arguments filed 03 February 2006 have been fully considered but they are not 
persuasive. Applicant's arguments that nothing is described in DiGiorgio's specification 
concerning incoming APDUs, from smart card 10, that would be directly encapsulated by 
computer 14 into message packets is not persuasive because DiGiorgio discloses that a token 
device (smart card) communicates with a PC through a reader (Col. 2, lines 3-8). This 
communication occurs by passing data packages and forth through the reader (Col. 9, lines 1-2). 
These data packages are known as application protocol data units (APDUs) (Col. 9, lines 2-4). 
Each APDU contains either a command or a response to a command (Col. 9, lines 5-6). The 
security token device always waits for a command APDU from the computers system by way of 
the reader (Col. 9, lines 8-10). The security token device then executes the command specified in 
the command APDU and replies to the terminal with a response APDU (Col. 9, lines 10-13). 
Therefore the specification of DiGiorgio discloses incoming APDUs, from smart card 10, that 
would be directly encapsulated by computer 14 into message packets because the response 
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APDU mentioned in (Col. 9, lines 10-13) is encapsulated by the reader into packets that the 
computer/terminal understands. 

Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-7, 9, 10, 15-17, 19-42 are rejected under 35 U.S.C. 102(e) as being anticipated 
by DiGiorgio, U.S. Patent No. 6,385,729. Referring to claims 1, 42, DiGiorgio discloses a secure 
token device access system wherein a secure token device and a local computer system 
communicate via a token reader, and by passing data packages known as application protocol 
data units (APDUs) using the reader (Col. 1, line 63 - Col. 2, line 13 & Col. 9, lines 1-6), which 
meets the limitation of client communications means for transmitting and receiving message 
packets over said network using a packet based communications protocol, and for transmitting 
and receiving APDUs through said PSD interface. When a user attempts to access ISP services 
from the token device, the ISP issues a challenge to the token device to ensure that the user 
should be granted access to the ISP services (Col. 2, lines 16-23 & Col. 10, lines 24-33), which 
meets the limitation of a first client data processing means for receiving incoming message 
packets from said remote computer system using said client communications means, separating 
encapsulated APDUs from said incoming message packets thus generating desencapsulated 
APDUs and routing said desencapsulated APDUs to said PSD through said PSD Interface 
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independently of the origin and integrity of said incoming message packets. Once the challenge 
is received at the token device, the token device issues a response to the ISP challenge in the 
form shown in Figure 8B (Col. 10, lines 33-35), which meets the limitation of second client data 
processing means for receiving incoming APDUs from said PSD interface, encapsulating said 
incoming APDUs into outgoing message packets and routing said outgoing message packets to 
said remote computer system through said client communications means. 

Referring to claim 2, DiGiorgio discloses a secure token device access system wherein a 
secure token device and a local computer system communicate via a token reader, and by passing 
data packages known as application protocol data units (APDUs) using the reader (Col. 1, line 63 
- Col. 2, line 13 & Col. 9, lines 1-6), which meets the limitation of at least one PSD comprising 
means for functionally connecting to said PSD interface and mans for functionally 
communicating through said interface, PSD communications means for transmitting and 
receiving APDU messages through said PSD interface. When a user attempts to access ISP 
services from the token device, the ISP issues a challenge to the token device to ensure that the 
user should be granted access to the ISP services (Col. 2, lines 16-23 & Col. 10, lines 24-33), 
which meets the limitation of PSD processing means for interpreting said APDU messages, 
executing commands included in said APDU messages. Once the challenge is received at the 
token device, the token device issues a response to the ISP challenge in the form shown in Figure 
8B (Col. 10, lines 33-35), which meets the limitation of transmitting responses in APDU format 
through said PSD interface using said communications means. The secure token device contains 
a unique ID that is encoded into the token device (Col. 10, lines 54-55), which meets the 
limitation of memory storage means for storing at least one unique identifier. 
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Referring to claim 3, DiGiorgio discloses that when a user attempts to access ISP services 
from the token device, the ISP issues a challenge to the token device to ensure that the user 
should be granted access to the ISP services (Col. 2, lines 16-23 & Col. 10, lines 24-33), which 
meets the limitation of server communications means for transmitting and receiving messages 
over said network using said packet based communications protocol, first server data processing 
means for receiving requests from at least one applications level program, translating said 
requests into APDU format and transmitting said APDU formatted requests to a second server 
data processing means, second server data processing means for encapsulating said APDU 
formatted requests received from said first server data processing means into outgoing message 
packets and transmitting said outgoing message packets over said network to said local client 
using said server communications means. Once the challenge is received at the token device, the 
token device issues a response to the ISP challenge in the form shown in Figure 8B (Col. 10, 
lines 33-35), which meets the limitation of third server data processing means for receiving 
incoming messages from said local client using said server communications means and 
separating encapsulated APDUs from said incoming message packets thus generating 
desencapsulated APDUs and routing said desencapsulated APDUs to a fourth server data 
processing means, and fourth server data processing means for receiving and translating said 
desencapsulated APDUs sent by said third server data processing means into another message 
format thus generating a translated message and transmitting said translated message to at least 
one applications level program. 

Referring to claim 4, DiGiorgio discloses that the network can be the Internet (Col. 1, 
lines 19-20), which meets the limitation of a public network. 
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Referring to claim 5, DiGiorgio discloses that the network can be a LAN (Col. 7, lines 
28-29), which meets the limitation of a private network. 

Referring to claim 6, DiGiorgio discloses that the communications protocol is the Internet 
Protocol (Col. 1, lines 38-39), which meets the limitation of an open communications protocol. 

Referring to claim 7, DiGiorgio discloses that the communications can be encrypted (Col. 
11, lines 21-25), which meets the limitation of a secure communications protocol. 

Referring to claim 9, DiGiorgio discloses a secure token device access system wherein a 
secure token device and a local computer system communicate via a token reader, and by passing 
data packages known as application protocol data units (APDUs) using the reader (Col. 1, line 63 
- Col. 2, line 13 & Col. 9, lines 1-6), which meets the limitation of PSD communications means 
for transmitting and receiving encrypted APDU messages through said PSD interface. When a 
user attempts to access ISP services from the token device, the ISP issues a challenge to the 
token device to ensure that the user should be granted access to the ISP services (Col. 2, lines 16- 
23 & Col. 10, lines 24-33). The computer system utilizes Netscape Navigator, which includes 
SSL capabilities and would therefore enable two way encrypted communications (Col. 7, lines 
44-47), which meets the limitation of first PSD processing means for decrypting incoming 
encrypted APDU messages using stored cryptographic information, thus generating incoming 
decrypted APDU messages, second PSD processing means for interpreting said incoming 
decrypted APDU messages, and executing commands included in said incoming decrypted 
APDU messages, third PSD processing means for encrypting outgoing APDU response 
messages using stored cryptographic information thus generating outgoing encrypted APDU 
response messages, and transmitting said outgoing encrypted APDU response messages in said 
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APDU format through said PSD interface using said communications means, means for storing 
at least one cryptographic key. The secure token device contains a unique ID that is encoded into 
the token device (Col. 10, lines 54-55), which meets the limitation of memory storage means for 
storing at least one unique identifier. 

Referring to claims 10, 15, DiGiorgio discloses a secure token device access system 
wherein a secure token device and a local computer system communicate via a token reader, and 
by passing data packages known as application protocol data units (APDUs) using the reader 
(Col. 1, line 63 - Col. 2, line 13 & Col. 9, lines 1-6), which meets the limitation of server 
communications means for transmitting and receiving messages over said network using said 
packet based communications protocol. Once the challenge is received at the token device, the 
token device issues a response to the ISP challenge in the form shown in Figure 8B (Col. 10, 
lines 33-35). The computer system utilizes Netscape Navigator, which includes SSL capabilities 
and would therefore enable two way encrypted communications (Col. 7, lines 44-47), which 
meets the limitation of cryptography data processing means, first server data processing means 
fro receiving requests from at least one applications level program, translating said requests into 
APDU format and transmitting said APDU formatted requests to said cryptography data 
processing means, second server data processing means for encapsulating encrypted APDU 
formatted requests received from said cryptography data processing means into outgoing 
message packets transmitting said outgoing message packets over said network using said server 
communications means, third server data processing means for receiving incoming message 
packets using said server communications means and separating encapsulated APDUs from said 
incoming message packets thus generating desencapsulated APDUs and routing said 
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desencapsulated APDUs to said cryptography data processing means, fourth server data 
processing means for receiving and translating decrypted desencapsulated APDUs send by said 
cryptography processing means into another message format thus generating a translated 
message and transmitting said translated message to at least one applications level program, 
wherein said cryptography data processing means comprises means for encrypting said APDU 
formatted requests received from said first server data processing means and sending said 
encrypted APDU formatted requests to said second server data processing means and for 
decrypting said desencapsulated APDUs received from said third server data processing means 
and sending said decrypted desencapsulated APDUs to said fourth server data processing means. 

Referring to claims 16, 17, 19, DiGiorgio discloses that the network can be a cellular 
network (Col. 5, line 39), which meets the limitation of a digital cellular network and a wireless 
network. 

Referring to claims 20, 28, 37, DiGiorgio discloses a secure token device access system 
wherein a secure token device and a local computer system communicate via a token reader, and 
by passing data packages known as application protocol data units (APDUs) using the reader 
(Col. 1, line 63 - Col. 2, line 13 & Col. 9, lines 1-6), which meets the limitation of generating a 
request to access said PSD on said remote computer system, wherein said request is in a non- 
native protocol for communicating with said PSD and said request is generated by an API level 
program, converting on said remote computer system said request from said non-native protocol 
into an APDU format request message using a first server data processing means. When a user 
attempts to access ISP services from the token device, the ISP issues a challenge to the token 
device to ensure that the user should be granted access to the ISP services (Col. 2, lines 16-23 & 
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Col. 10, lines 24-33), which meets the limitation of encapsulating on said remote computer 
system said APDU format request message into said packet based communications protocol 
producing an encapsulated request message, using a second server data processing means, 
transmitting said encapsulated request message over said network using said packet based 
communications protocol. Once the challenge is received at the token device, the token device 
issues a response to the ISP challenge in the form shown in Figure 8B (Col. 10, lines 33-35), 
which meets the limitation of receiving by said client said encapsulated request message sent 
over said network, processing said encapsulated request message using a first data processing 
means to separate said APDU format request message from said encapsulated request message, 
routing on said client said APDU format request message through a hardware device port 
assigned to a PSD interface independently of the origin and integrity of said encapsulated request 
message, wherein said PSD interface is in processing communication with said PSD, receiving 
by said PSD said APDU format request message through said PSD interface and processing said 
APDU format response message into said packet based communications protocol producing an 
encapsulated response message, using a second data processing means, transmitting said 
encapsulated response message over said network using said packet based communications 
protocol, receiving said encapsulated response message sent over said network by said remote 
computer system, processing said encapsulated response message using a third server data 
processing means to separate said APDU response message from said encapsulated response 
message thus generating a desencapsulated APDU response message, converting by said remote 
computer system said desencapsulated APDU response message into a response in a non-native 
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protocol using a fourth server data processing means and forwarding said response to at least one 
API level program. 

Referring to claim 21, DiGiorgio discloses that the network can be the Internet (Col. 1, 
lines 19-20), which meets the limitation of a public network. 

Referring to claim 22, DiGiorgio discloses that the network can be a LAN (Col. 7, lines 
28-29), which meets the limitation of a private network. 

Referring to claim 23, DiGiorgio discloses that the communications protocol is the 
Internet Protocol (Col. 1, lines 38-39), which meets the limitation of an open communications 
protocol. 

Referring to claim 24, DiGiorgio discloses that the communications can be encrypted 
(Col. 1 1, lines 21-25), which meets the limitation of a secure communications protocol. 

Referring to claim 25, DiGiorgio discloses that system may automatically attempt to 
grant the user access to the ISP services once the token device is authenticated (Col. 10, lines 24- 
28), which meets the limitation of said communication pipe is initiated automatically upon 
connection of said PSD to said local client. 

Referring to claims 26, 27, DiGiorgio discloses that the access to the ISP services may be 
granted upon a user double click on an icon associated with the ISP (Col. 10, lines 24-26), which 
meets the limitation of said communications pipe is initiated by a client requesting access to 
information contained on one or more networked clients or networked remote computer systems. 

Referring to claims 29, 36, 37, DiGiorgio discloses a secure token device access system 
wherein a secure token device and a local computer system communicate via a token reader, and 
by passing data packages known as application protocol data units (APDUs) using the reader 
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. (Col. 1, line 63 - Col. 2, line 13 & Col. 9, lines 1-6), which meets the limitation of generating a 
request to access said PSD on said remote computer system, wherein said request is in a non- 
native protocol for communicating with said PSD and said request is generated by an API level 
program, converting on said remote computer system said request from said non-native protocol 
into an APDU format request message using a first server data processing means, and sending 
said APDU format request message to a cryptography data processing means. When a user 
attempts to access ISP services from the token device, the ISP issues a challenge to the token 
device to ensure that the user should be granted access to the ISP services (Col. 2, lines 16-23 & 
Col. 10, lines 24-33). The computer system utilizes Netscape Navigator, which includes SSL 
capabilities and would therefore enable two way encrypted communications (Col. 7, lines 44- 
47), which meets the limitation of receiving and encrypting said APDU format request message 
using cryptography data processing means thus generating an encrypted APDU request message 
and sending said encrypted APDU request message to a second server data processing means, 
wherein said cryptography data processing means uses a pre-established encryption method, 
encapsulating on said remote computer system said encrypted APDU request message into said 
packet based communications protocol producing an encapsulated and encrypted request 
message, using said second server data processing means, transmitting said encapsulated and 
encrypted request message over said network using said packet based communications protocol. 
Once the challenge is received at the token device, the token device issues a response to the ISP 
challenge in the form shown in Figure 8B (Col. 10, lines 33-35), which meets the limitation of 
receiving said encapsulated and encrypted request message sent over said network by said client, 
processing said encapsulated and encrypted request message using a first client data processing 
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means to separate said encrypted APDU request message from said encapsulated and encrypted 
request message thus generating a desencapsulated encrypted APDU request message, routing on 
said client said desencapsulated encrypted APDU request message through a hardware device 
port assigned to a PSD interface independently of the origin and integrity of said encapsulated 
and encrypted request message, wherein said PSD interface is in processing communication with 
said PSD, receiving said desencapsulated encrypted APDU request message through said PSD 
interface by said PSD and decrypting said desencapsulated encrypted APDU request message 
using an internal PSD data cryptography means thus generating a desencapsulated and decrypted 
APDU request message, wherein said cryptography means is pre-established and sending said 
desencapsulated and decrypted APDU request messages to a first internal PSD data processing 
means, receiving said desencapsulated and decrypted APDU request message from said internal 
PSD data cryptography means and processing said desencapsulated and decrypted APDU request 
message using said first internal PSD data processing means, generating a response message in 
APDU format by said PSD using a second internal PSD data processing means, encrypting said 
APDU format response message using said internal PSD data cryptography means thus 
generating an encrypted APDU format response message response message through said PSD 
interface, and transmitting said encrypted APDU format receiving by said client said encrypted 
APDU format response message through said PSD Interface and encapsulating said encrypted 
APDU format response message into said packet based communications protocol producing an 
encapsulated and encrypted response message, using a second client data processing means, 
transmitting said encapsulated message over said network using and encrypted response said 
packet based communications protocol, receiving by said remote computer system said 
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encapsulated and encrypted response message sent over said network, processing said 
encapsulated and encrypted response message using a third server data processing means to 
separate said encrypted APDU response message from said encapsulated and encrypted response 
message thus generating a desencapsulated encrypted APDU response message, decrypting said 
desencapsulated encrypted APDU response server data processing means message received 
from said third using said cryptography data processing means thus generating a desencapsulated 
and decrypted APDU response message and sending said desencapsulated and decrypted APDU 
response message to said fourth server data processing means, and converting by said remote 
computer system said desencapsulated and decrypted APDU response message into a response in 
a non-native protocol using a fourth server data processing means, and forwarding said response 
to at least one API Level Program. 

Referring to claim 30, DiGiorgio discloses that the network can be the Internet (Col. 1, 
lines 19*20), which meets the limitation of a public network. 

Referring to claim 31, DiGiorgio discloses that the network can be a LAN (Col. 7, lines 
28-29), which meets the limitation of a private network. 

Referring to claim 32, DiGiorgio discloses that the communications protocol is the 
Internet Protocol (Col. 1, lines 38-39), which meets the limitation of an open communications 
protocol. 

Referring to claim 33, DiGiorgio discloses that the communications can be encrypted 
(Col. 11, lines 21-25), which meets the limitation of a secure communications protocol. 

Referring to claims 34, 35, DiGiorgio discloses that the access to the ISP services may be 
granted upon a user double click on an icon associated with the ISP (Col. 10, lines 24-26), which 
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meets the limitation of said communications pipe is initiated by a client requesting access to 
information contained on one or more networked clients or networked remote computer systems. 

Referring to claims 38, 39, 41, DiGiorgio discloses that the network can be a cellular 
network (Col. 5, line 39), which meets the limitation of a digital cellular network and a wireless 
network. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness . 
or nonobviousness. 

7. Claims 18, 40 are rejected under 35 U.S.C. 103(a) as being unpatentable over DiGiorgio, 
U.S. Patent No. 6,385,729, in view of Brown, U.S. Patent No. 5,455,863. Referring to claims 18, 
40, DiGiorgio does not disclose that the network can be optical. Brown discloses a network 
authentication system wherein the network is wireline, optical fiber link, satellite, or any other 
type of communication channel (Col. 8, lines 56-58). It would have been obvious to one of 
ordinary skill in the art at the time the invention was made for the network of Chan to be optical 
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because Brown discloses that those skilled in the art would understand that different networks 
can be used without departing from the spirit and scope of the invention (Col. 8, lines 48-55). 

Double Patenting 

8. The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper timewise extension of the "right to exclude" granted by a patent and to prevent possible 
harassment by multiple assignees. See In re Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. 
Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 
F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 
1970);and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

9. A timely filed terminal disclaimer in compliance with 37 CFR 1 .321(c) may be used to 
overcome an actual or provisional rejection based on a nonstatutory double patenting ground 
provided the conflicting application or patent is shown to be commonly owned with this 
application. See 37 CFR 1.130(b). 

10. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 

CFR 3.73(b). 

1 1 . Claims 1-42 are provisionally rejected under the judicially created doctrine of 
obviousness-type double patenting as being unpatentable over claims 1-4, 7-10, 13-15 of 
copending Application No. 09/844,439, '439 application. Although the conflicting claims are 
not identical, they are not patentably distinct from each other because both applications claim 
methods and systems for transmitting message packets, by a remote computer system, with 
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encapsulated APDUs over a communication path to a local client that desencapsulates the 
message packets before routing the APDUs to the PSD. The PSD then routs APDUs to the local 
client for encapsulation and transmission to the remote computer system. The methods and 
systems containing encrypted and unencrypted embodiments. Therefore claims 1-42 of the 
current application are anticipated in claims 1-4, 7-10, 13-15 of the '439 application. 

This is a provisional obviousness-type double patenting rejection because the conflicting 
claims have not in fact been patented. 

The double patenting rejection is response to amendments to the claims in the '439 
application that were filed 19 April 2005. 

Conclusion 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin E. Lanier whose telephone number is 571-272-3805. 
The examiner can normally be reached on M-Th 7:30am-5 :00pm, F 7:30am-4pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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